nexus-elements-view-history
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill provides instructions to install code using npx shadcn@latest add from a remote URL (https://elements.nexus.availproject.org/r/view-history.json). Because the availproject.org domain is not in the trusted sources list, this represents an unverifiable dependency installation that could lead to the execution of unvetted code.
- Command Execution (LOW): The skill includes shell commands (npx shadcn) that download and modify the local filesystem by creating files based on remote JSON content.
- Indirect Prompt Injection (SAFE): While the component displays 'intent history' (data originating from an external SDK), the skill itself is an installer and does not define unsafe interpolation of that data into agent instructions.
Audit Metadata